Switching your website to HTTPS has been one of the most talked about developments in SEO for 2014. While a requirement for e-commerce, financial, and other login websites containing personal/financial information, HTTPS is increasingly being used by all kinds of sites across the Web.
While websites face a gauntlet of attacks from hackers, much of the buzz around HTTPS stems from when Google announced in August 2014 that adding an SSL 2048-bit key certificate on your website will give you a minor search rankings boost. When Google talks about a rankings advantage, businesses take notice.
While Google has said that HTTPS is a “very lightweight signal”, they also said they may decide to strengthen the signal. Google wants a safe Web calling it a “top priority” and has encouraged all website owners to switch from HTTP to HTTPS.
To have your website receive the HTTPS designation, you need to purchase an SSL certificate. This verifies the authenticity of Internet connection security.
The Pros of Going HTTPS
1. Added Security.
Hyper Text Transfer Protocol is the standard Internet communications protocol. HTTPS add in a Security Sockets Layer/Transport Layered Security. Thus, the ‘S’ in HTTPS is for secure.
HTTPS websites are easily identified by the padlock icon that appears next to the URL. When a website has a Security Certificate, it’s applied to all pages on the website.
HTTPS provides a level of encryption that provides greater protection against hackers. It assures that the website is connected to the properly designated server. HTTPS protects against tampering by third parties and is known to prevent man-in-the-middle attacks and wiretapping.
2. Trust Factor.
Added level of security can make website visitors feel more secure on the Web. With the amount of malware, viruses, and other intrusions on the Web, it’s important for visitors to have a greater confidence when visiting a site and to be willing to share their personal information such as through a contact form.
3. Google Rankings Boost.
Google has said websites with HTTPS receive a very minor rankings boost. Bing, Yahoo, and other search engines may follow their lead.
4. Relatively Low Cost.
Security certificates are widely available on the Web. It’s usually easiest to purchase a certificate through your web host, and many will install them on your website at no extra charge when a certificate is purchased.
While there are different types of certificates available, most small business websites shouldn’t need a certificate that costs more than $100 per year. For a basic certificate, it’s even possible to obtain a certificate for free.
5. Google Analytics (GA) Tracking Can Be Unaffected.
When moving your website to HTTPS, you don’t have to lose the analytics data associated with your website. You simply adjust the settings in GA to indicate your website in HTTPS. It’s also easy to add the HTTPS version of your website to Google Webmaster Tools.
6. Peace of Mind.
While HTTPS doesn’t totally protect your website from intrusion, it can provide greater peace of mind for businesses and webmasters and confidence that their website is secure.
The Cons of Moving to HTTPS
1. Ongoing Annual Costs.
In addition to having to purchase a Security Certificate each year, you also need a dedicated IP address if you do not already have one. This allows for communication with just one server, which is required for HTTPS.
Dedicated IP addresses are also an annual cost, although typically they do not cost more than $50 per year. If you are using a dedicated Web server or more robust hosting, it’s likely you don’t need one.
2. Set Up Costs/Work Involved.
Unless you aren’t concerned about a loss in website traffic, moving your website isn’t as simple as just buying a Security Certificate. You essentially have a new website with all new link paths.
Forcing link redirects, editing WordPress or other CMS Settings, updating the link paths on Web pages, and adding the HTTPS version of your website to Google Webmaster Tools are some of the important tasks involved. This Moz article covers more of the challenges to overcome with switching to HTTPS.
In addition to the set up/transition work involved there is also follow up and monitoring of rankings and ongoing cleanup and implementation of the proper link paths. Some web pages can feel a whack-a-mole making them HTTPS compliant so that the padlock icon is green. Links on the page or being called to the page that are not secure calls, WordPress plugins, and images among other factors can all prevent the clean padlock icon from appearing.
However, using a Force HTTPS plugin in a CMS can alleviate the headache of diagnosing and fixing ‘partially encrypted’ errors. If you don’t have in-house help resolve the issues, utilizing an SEO company or Web developer makes a lot of sense.
3. Risk of Website Traffic Loss.
There are risks of losing traffic to your website when moving to HTTPS. It’s likely in the first few days and weeks of the transition, there’ll be a dip in traffic. This is not always the case but switching to HTTPS does have its pitfalls. However, if you use an SEO professional, you can help minimize the risks of lost traffic.
4. Website Speed.
HTTPS requires extra communication between a server and thus has the potential to slow down your website. Since website speed is also a Google ranking factor, HTTPS may work against you. However, there are a variety of different ways to speed up your website than can mitigate lost speed due to HTTPS.
5. CDNs Are More Expensive.
In addition to the certificate cost and dedicated IP cost, having HTTPS can also make utilizing a Content Distribution Network, which is an easy, affordable way to speed up your website, significantly more expensive.
6. A Wide Range of Options.
Having choice is usually a good thing but the number of options available with obtaining an SSL can be dizzying. There are single, shared, custom, SNI, or wildcard security certificates. There are also Extended Validation (EV) Certificates, which require extensive verification of the requesting entity’s identity.
To obtain an EV, verification is performed by the certificate authority, who vets the applicant before a certificate can be issued. EVs have the added benefit of showing the website owner’s identity next to the padlock icon. EVs are considerably more expensive than the domain validation only SSLs.
It’s important to understand that switching to HTTPS is not a panacea for Web security. Websites are still susceptible to intrusion but having an SSL certificate does decrease risks.
Without a doubt, moving to HTTPS has its pros and cons and may not be worth the time and expensive for non-commercial websites. Ultimately, the Web is striving for greater security so websites that adapt to and embrace change and utilize ‘future friendly’ practices have a leg up.
At Ascent, we recently underwent the process of moving our website to HTTPS and have seen minimal rankings effect. Let us know in the comments if you have questions or contact us if you need help making the switch.